This blog is a collection of notes that reflect personal experiences in systems and network administration. "Let all things be done securely."

Wednesday, April 20, 2005

Books: The Art of Intrusion

I am currently reading The Art of Intrusion, by Kevin Mitnick, and will post a full review when I am done. After reading the first 4-5 chapters I am disappointed by the lack of technical detail and the method Mitnick uses to tell the story. Mitnick is giving out security advice during and after each account which has not revealed any gems thus far. If the book continues as it has, I will be forced to give this book to my mother-in-law, as it does not reflect the level of knowledge that I expect.

2 comments:

If I remember right I looked at the book a while back and wasn't impressed. As I only read a chapter or so of the book, my impression of the book may not be accurate. The reason I wasn't impressed is precisely the same reason you stated above. It seemed that the book is just about social engineering. There might be a few technical details but those are glossed over in favor of the human aspect of intrusion.

However, I do think that the book was interesting. It wasn't what I expected when I started reading it, considering it was from Mitnick and the title of the book is The Art of Intrusion.

Maybe this book could give one an idea of the non-technical side of security, which I don't think is not usually a part of the I.T. Professional's job.

I think the chances are pretty good that you have looked at www.insecure.org before, but I just wanted to bring up that Fyodor has a list of recommended readings that might be worth checking out.

http://www.insecure.org/reading.html

I usually tend to like the programming related articles so the smashing stacks article is very interesting to me in the context of programming. There seem to be a lot more recommendations since the last time I checked the list, which was about two years ago.

I'm glad that it's not just me that is so disappointed with the book then. I have now completed the book and will write a full review shortly, but I remain disappointed.

As far as the social engineering aspect of security goes, I feel that Bruce Schneier has a great discussion on this topic that addresses identity theft. When security advances to the point where the transaction can be validated instead of the person, only then will we be able to slow the social engineering vulnerabilities that we have now.

On another note, I have looked at Insecure.org but I have not looked at the reading list before. Thanks for the tip!